1 /* |
|
2 * This product includes cryptographic software developed by the OpenSSL |
|
3 * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). |
|
4 */ |
|
5 |
|
6 /* |
|
7 * ==================================================================== |
|
8 * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. |
|
9 * |
|
10 * Redistribution and use in source and binary forms, with or without |
|
11 * modification, are permitted provided that the following conditions |
|
12 * are met: |
|
13 * |
|
14 * 1. Redistributions of source code must retain the above copyright |
|
15 * notice, this list of conditions and the following disclaimer. |
|
16 * |
|
17 * 2. Redistributions in binary form must reproduce the above copyright |
|
18 * notice, this list of conditions and the following disclaimer in |
|
19 * the documentation and/or other materials provided with the |
|
20 * distribution. |
|
21 * |
|
22 * 3. All advertising materials mentioning features or use of this |
|
23 * software must display the following acknowledgment: |
|
24 * "This product includes software developed by the OpenSSL Project |
|
25 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
|
26 * |
|
27 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
28 * endorse or promote products derived from this software without |
|
29 * prior written permission. For written permission, please contact |
|
30 * [email protected]. |
|
31 * |
|
32 * 5. Products derived from this software may not be called "OpenSSL" |
|
33 * nor may "OpenSSL" appear in their names without prior written |
|
34 * permission of the OpenSSL Project. |
|
35 * |
|
36 * 6. Redistributions of any form whatsoever must retain the following |
|
37 * acknowledgment: |
|
38 * "This product includes software developed by the OpenSSL Project |
|
39 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
|
40 * |
|
41 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
42 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
44 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
45 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
46 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
47 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
48 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
49 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
50 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
51 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
52 * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
53 * ==================================================================== |
|
54 */ |
|
55 |
|
56 /* |
|
57 * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. |
|
58 */ |
|
59 |
|
60 /* |
|
61 * This engine supports SPARC microprocessors that provide AES and other |
|
62 * cipher and hash instructions, such as the T4 microprocessor. |
|
63 */ |
|
64 |
|
65 #include <openssl/opensslconf.h> |
|
66 |
|
67 #if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_T4) && \ |
|
68 !defined(OPENSSL_NO_AES) |
|
69 #include <sys/types.h> |
|
70 #include <sys/auxv.h> /* getisax() */ |
|
71 #include <stdlib.h> |
|
72 #include <stdbool.h> |
|
73 #include <string.h> |
|
74 #include <errno.h> |
|
75 #include <openssl/aes.h> |
|
76 #include <openssl/engine.h> |
|
77 #include "eng_t4_aes_asm.h" |
|
78 |
|
79 #define T4_LIB_NAME "SPARC T4 engine" |
|
80 #include "eng_t4_err.c" |
|
81 |
|
82 /* Copied from Solaris aes_impl.h */ |
|
83 #ifndef MAX_AES_NR |
|
84 #define MAX_AES_NR 14 /* Maximum number of rounds */ |
|
85 #endif |
|
86 #ifndef MAX_AES_NB |
|
87 #define MAX_AES_NB 4 /* Number of columns comprising a state */ |
|
88 #endif |
|
89 |
|
90 /* Index for the supported ciphers */ |
|
91 typedef enum { |
|
92 T4_AES_128_CBC, |
|
93 T4_AES_192_CBC, |
|
94 T4_AES_256_CBC, |
|
95 #ifndef SOLARIS_NO_AES_CFB128 |
|
96 T4_AES_128_CFB128, |
|
97 T4_AES_192_CFB128, |
|
98 T4_AES_256_CFB128, |
|
99 #endif /* !SOLARIS_NO_AES_CFB128 */ |
|
100 #ifndef SOLARIS_NO_AES_CTR |
|
101 T4_AES_128_CTR, |
|
102 T4_AES_192_CTR, |
|
103 T4_AES_256_CTR, |
|
104 #endif |
|
105 T4_AES_128_ECB, |
|
106 T4_AES_192_ECB, |
|
107 T4_AES_256_ECB, |
|
108 T4_CIPHER_MAX |
|
109 } t4_cipher_id; |
|
110 |
|
111 /* T4 cipher context; must be 8-byte aligned (last field must be uint64_t) */ |
|
112 typedef struct t4_cipher_ctx { |
|
113 t4_cipher_id index; |
|
114 uint64_t *iv; |
|
115 uint64_t aligned_iv_buffer[2]; /* use if original IV unaligned */ |
|
116 /* Encryption and decryption key schedule are the same: */ |
|
117 uint64_t t4_ks[((MAX_AES_NR) + 1) * (MAX_AES_NB)]; |
|
118 } t4_cipher_ctx_t; |
|
119 |
|
120 typedef struct t4_cipher { |
|
121 t4_cipher_id id; |
|
122 int nid; |
|
123 int iv_len; |
|
124 int min_key_len; |
|
125 int max_key_len; |
|
126 unsigned long flags; |
|
127 } t4_cipher_t; |
|
128 |
|
129 /* Constants used when creating the ENGINE */ |
|
130 static const char *ENGINE_T4_ID = "t4"; |
|
131 static const char *ENGINE_T4_NAME = "SPARC T4 engine support"; |
|
132 static const char *ENGINE_NO_T4_NAME = "SPARC T4 engine support (no T4)"; |
|
133 |
|
134 |
|
135 #if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ |
|
136 defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) |
|
137 #define COMPILE_HW_T4 |
|
138 static int t4_bind_helper(ENGINE *e, const char *id); |
|
139 #pragma inline(t4_bind_helper) |
|
140 #endif |
|
141 |
|
142 /* |
|
143 * This makes the engine "built-in" with OpenSSL. |
|
144 * On non-T4 CPUs this just returns. |
|
145 * Called by ENGINE_load_builtin_engines(). |
|
146 */ |
|
147 void |
|
148 ENGINE_load_t4(void) |
|
149 { |
|
150 #ifdef COMPILE_HW_T4 |
|
151 ENGINE *toadd = ENGINE_new(); |
|
152 if (toadd != NULL) { |
|
153 if (t4_bind_helper(toadd, ENGINE_T4_ID) != 0) { |
|
154 (void) ENGINE_add(toadd); |
|
155 (void) ENGINE_free(toadd); |
|
156 ERR_clear_error(); |
|
157 } else { |
|
158 (void) ENGINE_free(toadd); |
|
159 } |
|
160 } |
|
161 #endif |
|
162 } |
|
163 |
|
164 |
|
165 #ifdef COMPILE_HW_T4 |
|
166 static int t4_bind(ENGINE *e); |
|
167 #ifndef DYNAMIC_ENGINE |
|
168 #pragma inline(t4_bind) |
|
169 #endif |
|
170 static t4_cipher_id get_cipher_index_by_nid(int nid); |
|
171 #pragma inline(get_cipher_index_by_nid) |
|
172 static void t4_instructions_present(_Bool *aes_present, _Bool *des_present, |
|
173 _Bool *digest_present, _Bool *montmul_present); |
|
174 #pragma inline(t4_instructions_present) |
|
175 |
|
176 /* Digest registration function. Called by ENGINE_set_ciphers() */ |
|
177 int t4_get_all_digests(ENGINE *e, const EVP_MD **digest, |
|
178 const int **nids, int nid); |
|
179 |
|
180 /* RSA_METHOD structure used by ENGINE_set_RSA() */ |
|
181 extern RSA_METHOD *t4_RSA(void); |
|
182 |
|
183 /* DH_METHOD structure used by ENGINE_set_DH() */ |
|
184 extern DH_METHOD *t4_DH(void); |
|
185 |
|
186 /* DSA_METHOD structure used by ENGINE_set_DSA() */ |
|
187 extern DSA_METHOD *t4_DSA(void); |
|
188 |
|
189 #ifndef SOLARIS_NO_AES_CTR |
|
190 /* |
|
191 * NIDs for AES counter mode that will be defined during the engine |
|
192 * initialization (because OpenSSL doesn't support CTR mode). |
|
193 */ |
|
194 static int NID_t4_aes_128_ctr = NID_undef; |
|
195 static int NID_t4_aes_192_ctr = NID_undef; |
|
196 static int NID_t4_aes_256_ctr = NID_undef; |
|
197 |
|
198 static int t4_add_NID(char *sn, char *ln); |
|
199 static int t4_add_aes_ctr_NIDs(void); |
|
200 #pragma inline(t4_add_aes_ctr_NIDs) |
|
201 static void t4_free_aes_ctr_NIDs(void); |
|
202 #define T4_FREE_AES_CTR_NIDS t4_free_aes_ctr_NIDs() |
|
203 #else |
|
204 #define T4_FREE_AES_CTR_NIDS |
|
205 #endif /* !SOLARIS_NO_AES_CTR */ |
|
206 |
|
207 /* Static variables */ |
|
208 /* This can't be const as NID*ctr is inserted when the engine is initialized */ |
|
209 static int t4_cipher_nids[] = { |
|
210 NID_aes_128_cbc, NID_aes_192_cbc, NID_aes_256_cbc, |
|
211 #ifndef SOLARIS_NO_AES_CFB128 |
|
212 NID_aes_128_cfb128, NID_aes_192_cfb128, NID_aes_256_cfb128, |
|
213 #endif |
|
214 #ifndef SOLARIS_NO_AES_CTR |
|
215 /* NID_t4_aes_128_ctr, NID_t4_aes_192, NID_t4_aes_256 */ |
|
216 NID_undef, NID_undef, NID_undef, |
|
217 #endif |
|
218 NID_aes_128_ecb, NID_aes_192_ecb, NID_aes_256_ecb, |
|
219 #ifndef OPENSSL_NO_DES |
|
220 /* Must be at end of list (see t4_des_cipher_count in t4_bind() */ |
|
221 NID_des_cbc, NID_des_ede3_cbc, NID_des_ecb, NID_des_ede3_ecb, |
|
222 #endif |
|
223 }; |
|
224 static const int t4_des_cipher_count = 4; |
|
225 static int t4_cipher_count = |
|
226 (sizeof (t4_cipher_nids) / sizeof (t4_cipher_nids[0])); |
|
227 |
|
228 /* |
|
229 * Cipher Table for all supported symmetric ciphers. |
|
230 * Must be in same order as t4_cipher_id. |
|
231 */ |
|
232 static t4_cipher_t t4_cipher_table[] = { |
|
233 /* ID NID IV min- max-key flags */ |
|
234 {T4_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16, 0}, |
|
235 {T4_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24, 0}, |
|
236 {T4_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32, 0}, |
|
237 #ifndef SOLARIS_NO_AES_CFB128 |
|
238 {T4_AES_128_CFB128, NID_aes_128_cfb128, 16, 16, 16, |
|
239 EVP_CIPH_NO_PADDING}, |
|
240 {T4_AES_192_CFB128, NID_aes_192_cfb128, 16, 24, 24, |
|
241 EVP_CIPH_NO_PADDING}, |
|
242 {T4_AES_256_CFB128, NID_aes_256_cfb128, 16, 32, 32, |
|
243 EVP_CIPH_NO_PADDING}, |
|
244 #endif |
|
245 #ifndef SOLARIS_NO_AES_CTR |
|
246 /* We don't know the correct NIDs until the engine is initialized */ |
|
247 {T4_AES_128_CTR, NID_undef, 16, 16, 16, |
|
248 EVP_CIPH_NO_PADDING}, |
|
249 {T4_AES_192_CTR, NID_undef, 16, 24, 24, |
|
250 EVP_CIPH_NO_PADDING}, |
|
251 {T4_AES_256_CTR, NID_undef, 16, 32, 32, |
|
252 EVP_CIPH_NO_PADDING}, |
|
253 #endif |
|
254 {T4_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16, 0}, |
|
255 {T4_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24, 0}, |
|
256 {T4_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32, 0}, |
|
257 }; |
|
258 |
|
259 |
|
260 /* Formal declaration for functions in EVP_CIPHER structure */ |
|
261 static int t4_cipher_init_aes(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
|
262 const unsigned char *iv, int enc); |
|
263 |
|
264 static int t4_cipher_do_aes_128_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, |
|
265 const unsigned char *in, size_t inl); |
|
266 static int t4_cipher_do_aes_192_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, |
|
267 const unsigned char *in, size_t inl); |
|
268 static int t4_cipher_do_aes_256_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, |
|
269 const unsigned char *in, size_t inl); |
|
270 #ifndef SOLARIS_NO_AES_CFB128 |
|
271 static int t4_cipher_do_aes_128_cfb128(EVP_CIPHER_CTX *ctx, unsigned char *out, |
|
272 const unsigned char *in, size_t inl); |
|
273 static int t4_cipher_do_aes_192_cfb128(EVP_CIPHER_CTX *ctx, unsigned char *out, |
|
274 const unsigned char *in, size_t inl); |
|
275 static int t4_cipher_do_aes_256_cfb128(EVP_CIPHER_CTX *ctx, unsigned char *out, |
|
276 const unsigned char *in, size_t inl); |
|
277 #endif |
|
278 #ifndef SOLARIS_NO_AES_CTR |
|
279 static int t4_cipher_do_aes_128_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, |
|
280 const unsigned char *in, size_t inl); |
|
281 static int t4_cipher_do_aes_192_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, |
|
282 const unsigned char *in, size_t inl); |
|
283 static int t4_cipher_do_aes_256_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, |
|
284 const unsigned char *in, size_t inl); |
|
285 #endif /* !SOLARIS_NO_AES_CTR */ |
|
286 static int t4_cipher_do_aes_128_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, |
|
287 const unsigned char *in, size_t inl); |
|
288 static int t4_cipher_do_aes_192_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, |
|
289 const unsigned char *in, size_t inl); |
|
290 static int t4_cipher_do_aes_256_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, |
|
291 const unsigned char *in, size_t inl); |
|
292 |
|
293 |
|
294 /* |
|
295 * Cipher Algorithms |
|
296 * |
|
297 * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. |
|
298 * EVP_CIPHER is defined in evp.h. To maintain binary compatibility the |
|
299 * definition cannot be modified. |
|
300 * Stuff specific to the t4 engine is kept in t4_cipher_ctx_t, which is |
|
301 * pointed to by cipher_data or md_data |
|
302 * |
|
303 * Fields: nid, block_size, key_len, iv_len, flags, |
|
304 * init(), do_cipher(), cleanup(), |
|
305 * ctx_size, |
|
306 * set_asn1_parameters(), get_asn1_parameters(), ctrl(), app_data |
|
307 */ |
|
308 |
|
309 static const EVP_CIPHER t4_aes_128_cbc = { |
|
310 NID_aes_128_cbc, |
|
311 16, 16, 16, |
|
312 EVP_CIPH_CBC_MODE, |
|
313 t4_cipher_init_aes, t4_cipher_do_aes_128_cbc, NULL, |
|
314 sizeof (t4_cipher_ctx_t), |
|
315 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, |
|
316 NULL, NULL |
|
317 }; |
|
318 static const EVP_CIPHER t4_aes_192_cbc = { |
|
319 NID_aes_192_cbc, |
|
320 16, 24, 16, |
|
321 EVP_CIPH_CBC_MODE, |
|
322 t4_cipher_init_aes, t4_cipher_do_aes_192_cbc, NULL, |
|
323 sizeof (t4_cipher_ctx_t), |
|
324 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, |
|
325 NULL, NULL |
|
326 }; |
|
327 static const EVP_CIPHER t4_aes_256_cbc = { |
|
328 NID_aes_256_cbc, |
|
329 16, 32, 16, |
|
330 EVP_CIPH_CBC_MODE, |
|
331 t4_cipher_init_aes, t4_cipher_do_aes_256_cbc, NULL, |
|
332 sizeof (t4_cipher_ctx_t), |
|
333 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, |
|
334 NULL, NULL |
|
335 }; |
|
336 |
|
337 #ifndef SOLARIS_NO_AES_CFB128 |
|
338 static const EVP_CIPHER t4_aes_128_cfb128 = { |
|
339 NID_aes_128_cfb128, |
|
340 16, 16, 16, |
|
341 EVP_CIPH_CFB_MODE, |
|
342 t4_cipher_init_aes, t4_cipher_do_aes_128_cfb128, NULL, |
|
343 sizeof (t4_cipher_ctx_t), |
|
344 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, |
|
345 NULL, NULL |
|
346 }; |
|
347 static const EVP_CIPHER t4_aes_192_cfb128 = { |
|
348 NID_aes_192_cfb128, |
|
349 16, 24, 16, |
|
350 EVP_CIPH_CFB_MODE, |
|
351 t4_cipher_init_aes, t4_cipher_do_aes_192_cfb128, NULL, |
|
352 sizeof (t4_cipher_ctx_t), |
|
353 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, |
|
354 NULL, NULL |
|
355 }; |
|
356 static const EVP_CIPHER t4_aes_256_cfb128 = { |
|
357 NID_aes_256_cfb128, |
|
358 16, 32, 16, |
|
359 EVP_CIPH_CFB_MODE, |
|
360 t4_cipher_init_aes, t4_cipher_do_aes_256_cfb128, NULL, |
|
361 sizeof (t4_cipher_ctx_t), |
|
362 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, |
|
363 NULL, NULL |
|
364 }; |
|
365 #endif /* !SOLARIS_NO_AES_CFB128 */ |
|
366 |
|
367 #ifndef SOLARIS_NO_AES_CTR |
|
368 /* |
|
369 * Counter mode is not defined in OpenSSL. |
|
370 * NID_undef's will be changed to AES counter mode NIDs as soon as they are |
|
371 * created in t4_add_aes_ctr_NIDs() when the engine is initialized. |
|
372 * Note that the need to change these structures during initialization is the |
|
373 * reason why we don't define them with the const keyword. |
|
374 */ |
|
375 static EVP_CIPHER t4_aes_128_ctr = { |
|
376 NID_undef, |
|
377 16, 16, 16, |
|
378 EVP_CIPH_CBC_MODE, |
|
379 t4_cipher_init_aes, t4_cipher_do_aes_128_ctr, NULL, |
|
380 sizeof (t4_cipher_ctx_t), |
|
381 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, |
|
382 NULL, NULL |
|
383 }; |
|
384 static EVP_CIPHER t4_aes_192_ctr = { |
|
385 NID_undef, |
|
386 16, 24, 16, |
|
387 EVP_CIPH_CBC_MODE, |
|
388 t4_cipher_init_aes, t4_cipher_do_aes_192_ctr, NULL, |
|
389 sizeof (t4_cipher_ctx_t), |
|
390 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, |
|
391 NULL, NULL |
|
392 }; |
|
393 static EVP_CIPHER t4_aes_256_ctr = { |
|
394 NID_undef, |
|
395 16, 32, 16, |
|
396 EVP_CIPH_CBC_MODE, |
|
397 t4_cipher_init_aes, t4_cipher_do_aes_256_ctr, NULL, |
|
398 sizeof (t4_cipher_ctx_t), |
|
399 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, |
|
400 NULL, NULL |
|
401 }; |
|
402 #endif /* !SOLARIS_NO_AES_CTR */ |
|
403 |
|
404 /* |
|
405 * ECB modes don't use an Initial Vector, so that's why set_asn1_parameters, |
|
406 * get_asn1_parameters, and cleanup fields are set to NULL. |
|
407 */ |
|
408 static const EVP_CIPHER t4_aes_128_ecb = { |
|
409 NID_aes_128_ecb, |
|
410 16, 16, 0, |
|
411 EVP_CIPH_ECB_MODE, |
|
412 t4_cipher_init_aes, t4_cipher_do_aes_128_ecb, NULL, |
|
413 sizeof (t4_cipher_ctx_t), |
|
414 NULL, NULL, NULL, NULL |
|
415 }; |
|
416 static const EVP_CIPHER t4_aes_192_ecb = { |
|
417 NID_aes_192_ecb, |
|
418 16, 24, 0, |
|
419 EVP_CIPH_ECB_MODE, |
|
420 t4_cipher_init_aes, t4_cipher_do_aes_192_ecb, NULL, |
|
421 sizeof (t4_cipher_ctx_t), |
|
422 NULL, NULL, NULL, NULL |
|
423 }; |
|
424 static const EVP_CIPHER t4_aes_256_ecb = { |
|
425 NID_aes_256_ecb, |
|
426 16, 32, 0, |
|
427 EVP_CIPH_ECB_MODE, |
|
428 t4_cipher_init_aes, t4_cipher_do_aes_256_ecb, NULL, |
|
429 sizeof (t4_cipher_ctx_t), |
|
430 NULL, NULL, NULL, NULL |
|
431 }; |
|
432 |
|
433 #ifndef OPENSSL_NO_DES |
|
434 extern const EVP_CIPHER t4_des_cbc; |
|
435 extern const EVP_CIPHER t4_des3_cbc; |
|
436 extern const EVP_CIPHER t4_des_ecb; |
|
437 extern const EVP_CIPHER t4_des3_ecb; |
|
438 #endif /* OPENSSL_NO_DES */ |
|
439 |
|
440 |
|
441 /* |
|
442 * Message Digest variables |
|
443 */ |
|
444 static const int t4_digest_nids[] = { |
|
445 #ifndef OPENSSL_NO_MD5 |
|
446 NID_md5, |
|
447 #endif |
|
448 #ifndef OPENSSL_NO_SHA |
|
449 #ifndef OPENSSL_NO_SHA1 |
|
450 NID_sha1, |
|
451 #endif |
|
452 #ifndef OPENSSL_NO_SHA256 |
|
453 NID_sha224, |
|
454 NID_sha256, |
|
455 #endif |
|
456 #ifndef OPENSSL_NO_SHA512 |
|
457 NID_sha384, |
|
458 NID_sha512, |
|
459 #endif |
|
460 #endif /* !OPENSSL_NO_SHA */ |
|
461 }; |
|
462 static const int t4_digest_count = |
|
463 (sizeof (t4_digest_nids) / sizeof (t4_digest_nids[0])); |
|
464 |
|
465 #ifndef OPENSSL_NO_MD5 |
|
466 extern const EVP_MD t4_md5; |
|
467 #endif |
|
468 #ifndef OPENSSL_NO_SHA |
|
469 #ifndef OPENSSL_NO_SHA1 |
|
470 extern const EVP_MD t4_sha1; |
|
471 #endif |
|
472 #ifndef OPENSSL_NO_SHA256 |
|
473 extern const EVP_MD t4_sha224; |
|
474 extern const EVP_MD t4_sha256; |
|
475 #endif |
|
476 #ifndef OPENSSL_NO_SHA512 |
|
477 extern const EVP_MD t4_sha384; |
|
478 extern const EVP_MD t4_sha512; |
|
479 #endif |
|
480 #endif /* !OPENSSL_NO_SHA */ |
|
481 |
|
482 /* |
|
483 * Message Digest functions |
|
484 */ |
|
485 |
|
486 /* |
|
487 * Registered by the ENGINE with ENGINE_set_digests(). |
|
488 * Finds out how to deal with a particular digest NID in the ENGINE. |
|
489 */ |
|
490 /* ARGSUSED */ |
|
491 int |
|
492 t4_get_all_digests(ENGINE *e, const EVP_MD **digest, |
|
493 const int **nids, int nid) |
|
494 { |
|
495 if (digest == NULL) { /* return a list of all supported digests */ |
|
496 *nids = (t4_digest_count > 0) ? t4_digest_nids : NULL; |
|
497 return (t4_digest_count); |
|
498 } |
|
499 |
|
500 switch (nid) { |
|
501 #ifndef OPENSSL_NO_MD5 |
|
502 case NID_md5: |
|
503 *digest = &t4_md5; |
|
504 break; |
|
505 #endif |
|
506 #ifndef OPENSSL_NO_SHA |
|
507 #ifndef OPENSSL_NO_SHA1 |
|
508 /* |
|
509 * A special case. For "openssl dgst -dss1 ...", |
|
510 * OpenSSL calls EVP_get_digestbyname() on "dss1" which ends up |
|
511 * calling t4_get_all_digests() for NID_dsa. Internally, if an |
|
512 * engine is not used, OpenSSL uses SHA1_Init() as expected for |
|
513 * DSA. So, we must return t4_sha1 for NID_dsa as well. Note |
|
514 * that this must have changed between 0.9.8 and 1.0.0 since we |
|
515 * did not have the problem with the 0.9.8 version. |
|
516 */ |
|
517 case NID_dsa: |
|
518 case NID_sha1: |
|
519 *digest = &t4_sha1; |
|
520 break; |
|
521 #endif |
|
522 #ifndef OPENSSL_NO_SHA256 |
|
523 case NID_sha224: |
|
524 *digest = &t4_sha224; |
|
525 break; |
|
526 case NID_sha256: |
|
527 *digest = &t4_sha256; |
|
528 break; |
|
529 #endif |
|
530 #ifndef OPENSSL_NO_SHA512 |
|
531 case NID_sha384: |
|
532 *digest = &t4_sha384; |
|
533 break; |
|
534 case NID_sha512: |
|
535 *digest = &t4_sha512; |
|
536 break; |
|
537 #endif |
|
538 #endif /* !OPENSSL_NO_SHA */ |
|
539 default: |
|
540 /* digest not supported */ |
|
541 *digest = NULL; |
|
542 return (0); |
|
543 } |
|
544 |
|
545 return (1); |
|
546 } |
|
547 |
|
548 |
|
549 /* |
|
550 * Utility Functions |
|
551 */ |
|
552 |
|
553 /* |
|
554 * Set aes_present, des_present, digest_present and montmul_present |
|
555 * to B_FALSE or B_TRUE depending on |
|
556 * whether the current SPARC processor supports AES, DES, |
|
557 * MD5/SHA1/SHA256/SHA512 and MONTMUL, respectively. |
|
558 */ |
|
559 static void |
|
560 t4_instructions_present(_Bool *aes_present, _Bool *des_present, |
|
561 _Bool *digest_present, _Bool *montmul_present) |
|
562 { |
|
563 #ifdef OPENSSL_NO_DES |
|
564 #undef AV_SPARC_DES |
|
565 #define AV_SPARC_DES 0 |
|
566 #endif |
|
567 #ifdef OPENSSL_NO_MD5 |
|
568 #undef AV_SPARC_MD5 |
|
569 #define AV_SPARC_MD5 0 |
|
570 #endif |
|
571 #ifndef OPENSSL_NO_SHA |
|
572 #ifdef OPENSSL_NO_SHA1 |
|
573 #undef AV_SPARC_SHA1 |
|
574 #define AV_SPARC_SHA1 0 |
|
575 #endif |
|
576 #ifdef OPENSSL_NO_SHA256 |
|
577 #undef AV_SPARC_SHA256 |
|
578 #define AV_SPARC_SHA256 0 |
|
579 #endif |
|
580 #ifdef OPENSSL_NO_SHA512 |
|
581 #undef AV_SPARC_SHA512 |
|
582 #define AV_SPARC_SHA512 0 |
|
583 #endif |
|
584 #else |
|
585 #undef AV_SPARC_SHA1 |
|
586 #undef AV_SPARC_SHA256 |
|
587 #undef AV_SPARC_SHA512 |
|
588 #define AV_SPARC_SHA1 0 |
|
589 #define AV_SPARC_SHA256 0 |
|
590 #define AV_SPARC_SHA512 0 |
|
591 #endif /* !OPENSSL_NO_SHA */ |
|
592 |
|
593 #define DIGEST_MASK (AV_SPARC_MD5 | AV_SPARC_SHA1 | AV_SPARC_SHA256 | \ |
|
594 AV_SPARC_SHA512) |
|
595 uint_t ui; |
|
596 |
|
597 (void) getisax(&ui, 1); |
|
598 *aes_present = ((ui & AV_SPARC_AES) != 0); |
|
599 *des_present = ((ui & AV_SPARC_DES) != 0); |
|
600 *digest_present = ((ui & DIGEST_MASK) == DIGEST_MASK); |
|
601 *montmul_present = ((ui & AV_SPARC_MONT) != 0); |
|
602 } |
|
603 |
|
604 |
|
605 #ifndef SOLARIS_NO_AES_CTR |
|
606 /* Create a new NID when we have no OID for that mechanism */ |
|
607 static int |
|
608 t4_add_NID(char *sn, char *ln) |
|
609 { |
|
610 ASN1_OBJECT *o; |
|
611 int nid; |
|
612 |
|
613 if ((o = ASN1_OBJECT_create(OBJ_new_nid(1), (unsigned char *)"", |
|
614 1, sn, ln)) == NULL) { |
|
615 T4err(T4_F_ADD_NID, T4_R_ASN1_OBJECT_CREATE); |
|
616 return (0); |
|
617 } |
|
618 |
|
619 /* Will return NID_undef on error */ |
|
620 nid = OBJ_add_object(o); |
|
621 ASN1_OBJECT_free(o); |
|
622 |
|
623 return (nid); |
|
624 } |
|
625 |
|
626 |
|
627 /* |
|
628 * Create new NIDs for AES counter mode. |
|
629 * OpenSSL doesn't support them now so we have to help ourselves here. |
|
630 */ |
|
631 static int |
|
632 t4_add_aes_ctr_NIDs(void) |
|
633 { |
|
634 /* Are we already set? */ |
|
635 if (NID_t4_aes_256_ctr != NID_undef) |
|
636 return (1); |
|
637 |
|
638 /* |
|
639 * There are no official names for AES counter modes yet so we just |
|
640 * follow the format of those that exist. |
|
641 */ |
|
642 |
|
643 /* Initialize NID_t4_aes_*_ctr and t4_cipher_table[] variables */ |
|
644 if ((NID_t4_aes_128_ctr = t4_add_NID("AES-128-CTR", "aes-128-ctr")) == |
|
645 NID_undef) |
|
646 return (0); |
|
647 t4_cipher_table[T4_AES_128_CTR].nid = |
|
648 t4_aes_128_ctr.nid = NID_t4_aes_128_ctr; |
|
649 |
|
650 if ((NID_t4_aes_192_ctr = t4_add_NID("AES-192-CTR", "aes-192-ctr")) == |
|
651 NID_undef) |
|
652 return (0); |
|
653 t4_cipher_table[T4_AES_192_CTR].nid = |
|
654 t4_aes_192_ctr.nid = NID_t4_aes_192_ctr; |
|
655 |
|
656 if ((NID_t4_aes_256_ctr = t4_add_NID("AES-256-CTR", "aes-256-ctr")) == |
|
657 NID_undef) |
|
658 return (0); |
|
659 t4_cipher_table[T4_AES_256_CTR].nid = |
|
660 t4_aes_256_ctr.nid = NID_t4_aes_256_ctr; |
|
661 |
|
662 /* Initialize t4_cipher_nids[] */ |
|
663 for (int i = 0; i < t4_cipher_count; ++i) { |
|
664 if (t4_cipher_nids[i] == NID_undef) { /* found */ |
|
665 t4_cipher_nids[i] = NID_t4_aes_128_ctr; |
|
666 t4_cipher_nids[++i] = NID_t4_aes_192_ctr; |
|
667 t4_cipher_nids[++i] = NID_t4_aes_256_ctr; |
|
668 break; |
|
669 } |
|
670 } |
|
671 |
|
672 return (1); |
|
673 } |
|
674 |
|
675 |
|
676 static void |
|
677 t4_free_aes_ctr_NIDs(void) |
|
678 { |
|
679 ASN1_OBJECT *o = NULL; |
|
680 |
|
681 /* Clear entries in t4_cipher_nids[] */ |
|
682 for (int i = 0; i < t4_cipher_count; ++i) { |
|
683 if (t4_cipher_nids[i] == NID_t4_aes_128_ctr) { |
|
684 t4_cipher_nids[i] = NID_undef; |
|
685 } else if (t4_cipher_nids[i] == NID_t4_aes_192_ctr) { |
|
686 t4_cipher_nids[i] = NID_undef; |
|
687 } else if (t4_cipher_nids[i] == NID_t4_aes_256_ctr) { |
|
688 t4_cipher_nids[i] = NID_undef; |
|
689 } |
|
690 } |
|
691 |
|
692 /* Clear NID_t4_aes_*_ctr and t4_cipher_table[] variables */ |
|
693 if (NID_t4_aes_128_ctr != NID_undef) { |
|
694 o = OBJ_nid2obj(NID_t4_aes_128_ctr); |
|
695 if (o != NULL) |
|
696 ASN1_OBJECT_free(o); |
|
697 NID_t4_aes_128_ctr = NID_undef; |
|
698 t4_cipher_table[T4_AES_128_CTR].nid = |
|
699 t4_aes_128_ctr.nid = NID_undef; |
|
700 } |
|
701 |
|
702 if (NID_t4_aes_192_ctr != NID_undef) { |
|
703 o = OBJ_nid2obj(NID_t4_aes_192_ctr); |
|
704 if (o != NULL) |
|
705 ASN1_OBJECT_free(o); |
|
706 NID_t4_aes_192_ctr = NID_undef; |
|
707 t4_cipher_table[T4_AES_192_CTR].nid = |
|
708 t4_aes_192_ctr.nid = NID_undef; |
|
709 } |
|
710 |
|
711 if (NID_t4_aes_256_ctr != NID_undef) { |
|
712 o = OBJ_nid2obj(NID_t4_aes_256_ctr); |
|
713 if (o != NULL) |
|
714 ASN1_OBJECT_free(o); |
|
715 NID_t4_aes_256_ctr = NID_undef; |
|
716 t4_cipher_table[T4_AES_256_CTR].nid = |
|
717 t4_aes_256_ctr.nid = NID_undef; |
|
718 } |
|
719 } |
|
720 #endif /* !SOLARIS_NO_AES_CTR */ |
|
721 |
|
722 |
|
723 /* |
|
724 * Cipher functions |
|
725 */ |
|
726 |
|
727 |
|
728 /* |
|
729 * Registered by the ENGINE with ENGINE_set_ciphers(). |
|
730 * Finds out how to deal with a particular cipher NID in the ENGINE. |
|
731 */ |
|
732 /* ARGSUSED */ |
|
733 static int |
|
734 t4_get_all_ciphers(ENGINE *e, const EVP_CIPHER **cipher, |
|
735 const int **nids, int nid) |
|
736 { |
|
737 if (cipher == NULL) { /* return a list of all supported ciphers */ |
|
738 *nids = (t4_cipher_count > 0) ? t4_cipher_nids : NULL; |
|
739 return (t4_cipher_count); |
|
740 } |
|
741 |
|
742 switch (nid) { |
|
743 case NID_aes_128_cbc: |
|
744 *cipher = &t4_aes_128_cbc; |
|
745 break; |
|
746 case NID_aes_192_cbc: |
|
747 *cipher = &t4_aes_192_cbc; |
|
748 break; |
|
749 case NID_aes_256_cbc: |
|
750 *cipher = &t4_aes_256_cbc; |
|
751 break; |
|
752 case NID_aes_128_ecb: |
|
753 *cipher = &t4_aes_128_ecb; |
|
754 break; |
|
755 case NID_aes_192_ecb: |
|
756 *cipher = &t4_aes_192_ecb; |
|
757 break; |
|
758 case NID_aes_256_ecb: |
|
759 *cipher = &t4_aes_256_ecb; |
|
760 break; |
|
761 #ifndef SOLARIS_NO_AES_CFB128 |
|
762 case NID_aes_128_cfb128: |
|
763 *cipher = &t4_aes_128_cfb128; |
|
764 break; |
|
765 case NID_aes_192_cfb128: |
|
766 *cipher = &t4_aes_192_cfb128; |
|
767 break; |
|
768 case NID_aes_256_cfb128: |
|
769 *cipher = &t4_aes_256_cfb128; |
|
770 break; |
|
771 #endif /* !SOLARIS_NO_AES_CFB128 */ |
|
772 #ifndef OPENSSL_NO_DES |
|
773 case NID_des_cbc: |
|
774 *cipher = &t4_des_cbc; |
|
775 break; |
|
776 case NID_des_ede3_cbc: |
|
777 *cipher = &t4_des3_cbc; |
|
778 break; |
|
779 case NID_des_ecb: |
|
780 *cipher = &t4_des_ecb; |
|
781 break; |
|
782 case NID_des_ede3_ecb: |
|
783 *cipher = &t4_des3_ecb; |
|
784 break; |
|
785 #endif /* !OPENSSL_NO_DES */ |
|
786 |
|
787 default: |
|
788 #ifndef SOLARIS_NO_AES_CTR |
|
789 /* These NIDs cannot be const, so must be tested with "if" */ |
|
790 if (nid == NID_t4_aes_128_ctr) { |
|
791 *cipher = &t4_aes_128_ctr; |
|
792 break; |
|
793 } else if (nid == NID_t4_aes_192_ctr) { |
|
794 *cipher = &t4_aes_192_ctr; |
|
795 break; |
|
796 } else if (nid == NID_t4_aes_256_ctr) { |
|
797 *cipher = &t4_aes_256_ctr; |
|
798 break; |
|
799 } else |
|
800 #endif /* !SOLARIS_NO_AES_CTR */ |
|
801 { |
|
802 /* cipher not supported */ |
|
803 *cipher = NULL; |
|
804 return (0); |
|
805 } |
|
806 } |
|
807 |
|
808 return (1); |
|
809 } |
|
810 |
|
811 |
|
812 /* Called by t4_cipher_init_aes() */ |
|
813 static t4_cipher_id |
|
814 get_cipher_index_by_nid(int nid) |
|
815 { |
|
816 t4_cipher_id i; |
|
817 |
|
818 for (i = (t4_cipher_id)0; i < T4_CIPHER_MAX; ++i) |
|
819 if (t4_cipher_table[i].nid == nid) |
|
820 return (i); |
|
821 return (T4_CIPHER_MAX); |
|
822 } |
|
823 |
|
824 |
|
825 /* ARGSUSED2 */ |
|
826 static int |
|
827 t4_cipher_init_aes(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
|
828 const unsigned char *iv, int enc) |
|
829 { |
|
830 t4_cipher_ctx_t *tctx = ctx->cipher_data; |
|
831 uint64_t *t4_ks = tctx->t4_ks; |
|
832 t4_cipher_t *t4_cipher; |
|
833 t4_cipher_id index; |
|
834 int key_len = ctx->key_len; |
|
835 uint64_t aligned_key_buffer[4]; /* 16, 24, or 32 bytes long */ |
|
836 uint64_t *aligned_key; |
|
837 |
|
838 if (key == NULL) { |
|
839 T4err(T4_F_CIPHER_INIT_AES, T4_R_CIPHER_KEY); |
|
840 return (0); |
|
841 } |
|
842 |
|
843 /* Get the cipher entry index in t4_cipher_table from nid */ |
|
844 index = get_cipher_index_by_nid(ctx->cipher->nid); |
|
845 if (index >= T4_CIPHER_MAX) { |
|
846 T4err(T4_F_CIPHER_INIT_AES, T4_R_CIPHER_NID); |
|
847 return (0); /* Error */ |
|
848 } |
|
849 t4_cipher = &t4_cipher_table[index]; |
|
850 |
|
851 /* Check key size and iv size */ |
|
852 if (ctx->cipher->iv_len < t4_cipher->iv_len) { |
|
853 T4err(T4_F_CIPHER_INIT_AES, T4_R_IV_LEN_INCORRECT); |
|
854 return (0); /* Error */ |
|
855 } |
|
856 if ((key_len < t4_cipher->min_key_len) || |
|
857 (key_len > t4_cipher->max_key_len)) { |
|
858 T4err(T4_F_CIPHER_INIT_AES, T4_R_KEY_LEN_INCORRECT); |
|
859 return (0); /* Error */ |
|
860 } |
|
861 |
|
862 /* Set cipher flags, if any */ |
|
863 ctx->flags |= t4_cipher->flags; |
|
864 |
|
865 /* Align the key */ |
|
866 if (((unsigned long)key & 0x7) == 0) /* already aligned */ |
|
867 aligned_key = (uint64_t *)key; |
|
868 else { /* key is not 8-byte aligned */ |
|
869 #ifdef DEBUG_T4 |
|
870 (void) fprintf(stderr, "T4: key is not 8 byte aligned\n"); |
|
871 #endif |
|
872 (void) memcpy(aligned_key_buffer, key, key_len); |
|
873 aligned_key = aligned_key_buffer; |
|
874 } |
|
875 |
|
876 |
|
877 /* |
|
878 * Expand the key schedule. |
|
879 * Copy original key to start of t4_ks key schedule. Note that the |
|
880 * encryption and decryption key schedule are the same for T4. |
|
881 */ |
|
882 switch (key_len) { |
|
883 case 16: |
|
884 t4_aes_expand128(&t4_ks[2], |
|
885 (const uint32_t *)aligned_key); |
|
886 t4_ks[0] = aligned_key[0]; |
|
887 t4_ks[1] = aligned_key[1]; |
|
888 break; |
|
889 case 24: |
|
890 t4_aes_expand192(&t4_ks[3], |
|
891 (const uint32_t *)aligned_key); |
|
892 t4_ks[0] = aligned_key[0]; |
|
893 t4_ks[1] = aligned_key[1]; |
|
894 t4_ks[2] = aligned_key[2]; |
|
895 break; |
|
896 case 32: |
|
897 t4_aes_expand256(&t4_ks[4], |
|
898 (const uint32_t *)aligned_key); |
|
899 t4_ks[0] = aligned_key[0]; |
|
900 t4_ks[1] = aligned_key[1]; |
|
901 t4_ks[2] = aligned_key[2]; |
|
902 t4_ks[3] = aligned_key[3]; |
|
903 break; |
|
904 default: |
|
905 T4err(T4_F_CIPHER_INIT_AES, T4_R_CIPHER_KEY); |
|
906 return (0); |
|
907 } |
|
908 |
|
909 /* Save index to cipher */ |
|
910 tctx->index = index; |
|
911 |
|
912 /* Align IV, if needed */ |
|
913 if (t4_cipher->iv_len <= 0) { /* no IV (such as with ECB mode) */ |
|
914 tctx->iv = NULL; |
|
915 } else if (((unsigned long)ctx->iv & 0x7) == 0) { /* already aligned */ |
|
916 tctx->iv = (uint64_t *)ctx->iv; |
|
917 } else { |
|
918 /* IV is not 8 byte aligned */ |
|
919 (void) memcpy(tctx->aligned_iv_buffer, ctx->iv, |
|
920 ctx->cipher->iv_len); |
|
921 tctx->iv = tctx->aligned_iv_buffer; |
|
922 #ifdef DEBUG_T4 |
|
923 (void) fprintf(stderr, |
|
924 "t4_cipher_init_aes: IV is not 8 byte aligned\n"); |
|
925 (void) fprintf(stderr, |
|
926 "t4_cipher_init_aes: ctx->cipher->iv_len =%d\n", |
|
927 ctx->cipher->iv_len); |
|
928 (void) fprintf(stderr, "t4_cipher_init_aes: after " |
|
929 "re-alignment, tctx->iv = %p\n", (void *)tctx->iv); |
|
930 #endif /* DEBUG_T4 */ |
|
931 } |
|
932 |
|
933 return (1); |
|
934 } |
|
935 |
|
936 |
|
937 /* |
|
938 * ENCRYPT_UPDATE or DECRYPT_UPDATE |
|
939 */ |
|
940 #define T4_CIPHER_DO_AES(t4_cipher_do_aes, t4_aes_load_keys_for_encrypt, \ |
|
941 t4_aes_encrypt, t4_aes_load_keys_for_decrypt, t4_aes_decrypt, iv) \ |
|
942 static int \ |
|
943 t4_cipher_do_aes(EVP_CIPHER_CTX *ctx, unsigned char *out, \ |
|
944 const unsigned char *in, size_t inl) \ |
|
945 { \ |
|
946 t4_cipher_ctx_t *tctx = ctx->cipher_data; \ |
|
947 uint64_t *t4_ks = tctx->t4_ks; \ |
|
948 unsigned long outl = inl; \ |
|
949 unsigned char *bufin_alloc = NULL, *bufout_alloc = NULL; \ |
|
950 unsigned char *bufin, *bufout; \ |
|
951 \ |
|
952 /* "in" and "out" must be 8 byte aligned */ \ |
|
953 if (((unsigned long)in & 0x7) == 0) { /* already aligned */ \ |
|
954 bufin = (unsigned char *)in; \ |
|
955 } else { /* "in" is not 8 byte aligned */ \ |
|
956 if (((unsigned long)out & 0x7) == 0) { /* aligned */ \ |
|
957 /* use output buffer for input */ \ |
|
958 bufin = out; \ |
|
959 } else { \ |
|
960 bufin = bufin_alloc = OPENSSL_malloc(inl); \ |
|
961 if (bufin_alloc == NULL) \ |
|
962 return (0); /* error */ \ |
|
963 } \ |
|
964 (void) memcpy(bufin, in, inl); \ |
|
965 } \ |
|
966 \ |
|
967 if (((unsigned long)out & 0x7) == 0) { /* already aligned */ \ |
|
968 bufout = out; \ |
|
969 } else { /* "out" is not 8 byte aligned */ \ |
|
970 if (bufin_alloc != NULL) { \ |
|
971 /* use allocated input buffer for output */ \ |
|
972 bufout = bufin_alloc; \ |
|
973 } else { \ |
|
974 bufout = bufout_alloc = OPENSSL_malloc(outl); \ |
|
975 if (bufout_alloc == NULL) { \ |
|
976 OPENSSL_free(bufin_alloc); \ |
|
977 return (0); /* error */ \ |
|
978 } \ |
|
979 } \ |
|
980 } \ |
|
981 \ |
|
982 /* Data length must be an even multiple of block size. */ \ |
|
983 if ((inl & 0xf) != 0) { \ |
|
984 OPENSSL_free(bufout_alloc); \ |
|
985 OPENSSL_free(bufin_alloc); \ |
|
986 T4err(T4_F_CIPHER_DO_AES, T4_R_NOT_BLOCKSIZE_LENGTH); \ |
|
987 return (0); \ |
|
988 } \ |
|
989 \ |
|
990 if (ctx->encrypt) { \ |
|
991 t4_aes_load_keys_for_encrypt(t4_ks); \ |
|
992 t4_aes_encrypt(t4_ks, (uint64_t *)bufin, \ |
|
993 (uint64_t *)bufout, (size_t)inl, iv); \ |
|
994 } else { /* decrypt */ \ |
|
995 t4_aes_load_keys_for_decrypt(t4_ks); \ |
|
996 t4_aes_decrypt(t4_ks, (uint64_t *)bufin, \ |
|
997 (uint64_t *)bufout, (size_t)inl, iv); \ |
|
998 } \ |
|
999 \ |
|
1000 /* Cleanup */ \ |
|
1001 if (bufin_alloc != NULL) { \ |
|
1002 if (bufout == bufin_alloc) \ |
|
1003 (void) memcpy(out, bufout, outl); \ |
|
1004 OPENSSL_free(bufin_alloc); \ |
|
1005 } \ |
|
1006 if (bufout_alloc != NULL) { \ |
|
1007 (void) memcpy(out, bufout_alloc, outl); \ |
|
1008 OPENSSL_free(bufout_alloc); \ |
|
1009 } \ |
|
1010 \ |
|
1011 return (1); \ |
|
1012 } |
|
1013 |
|
1014 |
|
1015 /* AES CBC mode. */ |
|
1016 T4_CIPHER_DO_AES(t4_cipher_do_aes_128_cbc, |
|
1017 t4_aes128_load_keys_for_encrypt, t4_aes128_cbc_encrypt, |
|
1018 t4_aes128_load_keys_for_decrypt, t4_aes128_cbc_decrypt, tctx->iv) |
|
1019 T4_CIPHER_DO_AES(t4_cipher_do_aes_192_cbc, |
|
1020 t4_aes192_load_keys_for_encrypt, t4_aes192_cbc_encrypt, |
|
1021 t4_aes192_load_keys_for_decrypt, t4_aes192_cbc_decrypt, tctx->iv) |
|
1022 T4_CIPHER_DO_AES(t4_cipher_do_aes_256_cbc, |
|
1023 t4_aes256_load_keys_for_encrypt, t4_aes256_cbc_encrypt, |
|
1024 t4_aes256_load_keys_for_decrypt, t4_aes256_cbc_decrypt, tctx->iv) |
|
1025 |
|
1026 /* |
|
1027 * AES CFB128 mode. |
|
1028 * CFB128 decrypt uses load_keys_for_encrypt() as the mode uses |
|
1029 * the raw AES encrypt operation for the decryption, too. |
|
1030 */ |
|
1031 #ifndef SOLARIS_NO_AES_CFB128 |
|
1032 T4_CIPHER_DO_AES(t4_cipher_do_aes_128_cfb128, |
|
1033 t4_aes128_load_keys_for_encrypt, t4_aes128_cfb128_encrypt, |
|
1034 t4_aes128_load_keys_for_encrypt, t4_aes128_cfb128_decrypt, tctx->iv) |
|
1035 T4_CIPHER_DO_AES(t4_cipher_do_aes_192_cfb128, |
|
1036 t4_aes192_load_keys_for_encrypt, t4_aes192_cfb128_encrypt, |
|
1037 t4_aes192_load_keys_for_encrypt, t4_aes192_cfb128_decrypt, tctx->iv) |
|
1038 T4_CIPHER_DO_AES(t4_cipher_do_aes_256_cfb128, |
|
1039 t4_aes256_load_keys_for_encrypt, t4_aes256_cfb128_encrypt, |
|
1040 t4_aes256_load_keys_for_encrypt, t4_aes256_cfb128_decrypt, tctx->iv) |
|
1041 #endif /* !SOLARIS_NO_AES_CFB128 */ |
|
1042 |
|
1043 /* AES CTR mode. */ |
|
1044 #ifndef SOLARIS_NO_AES_CTR |
|
1045 T4_CIPHER_DO_AES(t4_cipher_do_aes_128_ctr, |
|
1046 t4_aes128_load_keys_for_encrypt, t4_aes128_ctr_crypt, |
|
1047 t4_aes128_load_keys_for_decrypt, t4_aes128_ctr_crypt, tctx->iv) |
|
1048 T4_CIPHER_DO_AES(t4_cipher_do_aes_192_ctr, |
|
1049 t4_aes192_load_keys_for_encrypt, t4_aes192_ctr_crypt, |
|
1050 t4_aes192_load_keys_for_decrypt, t4_aes192_ctr_crypt, tctx->iv) |
|
1051 T4_CIPHER_DO_AES(t4_cipher_do_aes_256_ctr, |
|
1052 t4_aes256_load_keys_for_encrypt, t4_aes256_ctr_crypt, |
|
1053 t4_aes256_load_keys_for_decrypt, t4_aes256_ctr_crypt, tctx->iv) |
|
1054 #endif /* !SOLARIS_NO_AES_CTR */ |
|
1055 |
|
1056 /* AES ECB mode. */ |
|
1057 T4_CIPHER_DO_AES(t4_cipher_do_aes_128_ecb, |
|
1058 t4_aes128_load_keys_for_encrypt, t4_aes128_ecb_encrypt, |
|
1059 t4_aes128_load_keys_for_decrypt, t4_aes128_ecb_decrypt, NULL) |
|
1060 T4_CIPHER_DO_AES(t4_cipher_do_aes_192_ecb, |
|
1061 t4_aes192_load_keys_for_encrypt, t4_aes192_ecb_encrypt, |
|
1062 t4_aes192_load_keys_for_decrypt, t4_aes192_ecb_decrypt, NULL) |
|
1063 T4_CIPHER_DO_AES(t4_cipher_do_aes_256_ecb, |
|
1064 t4_aes256_load_keys_for_encrypt, t4_aes256_ecb_encrypt, |
|
1065 t4_aes256_load_keys_for_decrypt, t4_aes256_ecb_decrypt, NULL) |
|
1066 |
|
1067 |
|
1068 /* |
|
1069 * Is the t4 engine available? |
|
1070 * Passed to ENGINE_set_init_function(). |
|
1071 */ |
|
1072 /* ARGSUSED */ |
|
1073 static int |
|
1074 t4_init(ENGINE *e) |
|
1075 { |
|
1076 return (1); |
|
1077 } |
|
1078 |
|
1079 |
|
1080 /* Passed to ENGINE_set_destroy_function(). */ |
|
1081 /* ARGSUSED */ |
|
1082 static int |
|
1083 t4_destroy(ENGINE *e) |
|
1084 { |
|
1085 T4_FREE_AES_CTR_NIDS; |
|
1086 ERR_unload_t4_strings(); |
|
1087 return (1); |
|
1088 } |
|
1089 |
|
1090 |
|
1091 /* |
|
1092 * Called by t4_bind_helper(). |
|
1093 * Note: too early to use T4err() functions on errors. |
|
1094 */ |
|
1095 /* ARGSUSED */ |
|
1096 static int |
|
1097 t4_bind(ENGINE *e) |
|
1098 { |
|
1099 _Bool aes_engage, digest_engage, des_engage, montmul_engage; |
|
1100 |
|
1101 t4_instructions_present(&aes_engage, &des_engage, &digest_engage, |
|
1102 &montmul_engage); |
|
1103 #ifdef DEBUG_T4 |
|
1104 (void) fprintf(stderr, |
|
1105 "t4_bind: engage aes=%d, des=%d, digest=%d\n", |
|
1106 aes_engage, des_engage, digest_engage); |
|
1107 #endif |
|
1108 #ifndef OPENSSL_NO_DES |
|
1109 if (!des_engage) { /* Remove DES ciphers from list */ |
|
1110 t4_cipher_count -= t4_des_cipher_count; |
|
1111 } |
|
1112 #endif |
|
1113 |
|
1114 #ifndef SOLARIS_NO_AES_CTR |
|
1115 /* |
|
1116 * We must do this before we start working with slots since we need all |
|
1117 * NIDs there. |
|
1118 */ |
|
1119 if (aes_engage) { |
|
1120 if (t4_add_aes_ctr_NIDs() == 0) { |
|
1121 T4_FREE_AES_CTR_NIDS; |
|
1122 return (0); |
|
1123 } |
|
1124 } |
|
1125 #endif /* !SOLARIS_NO_AES_CTR */ |
|
1126 |
|
1127 #ifdef DEBUG_T4 |
|
1128 (void) fprintf(stderr, "t4_cipher_count = %d; t4_cipher_nids[] =\n", |
|
1129 t4_cipher_count); |
|
1130 for (int i = 0; i < t4_cipher_count; ++i) { |
|
1131 (void) fprintf(stderr, " %d", t4_cipher_nids[i]); |
|
1132 } |
|
1133 (void) fprintf(stderr, "\n"); |
|
1134 #endif /* DEBUG_T4 */ |
|
1135 |
|
1136 /* Register T4 engine ID, name, and functions */ |
|
1137 if (!ENGINE_set_id(e, ENGINE_T4_ID) || |
|
1138 !ENGINE_set_name(e, |
|
1139 aes_engage ? ENGINE_T4_NAME: ENGINE_NO_T4_NAME) || |
|
1140 !ENGINE_set_init_function(e, t4_init) || |
|
1141 (aes_engage && !ENGINE_set_ciphers(e, t4_get_all_ciphers)) || |
|
1142 (digest_engage && !ENGINE_set_digests(e, t4_get_all_digests)) || |
|
1143 #ifndef OPENSSL_NO_RSA |
|
1144 (montmul_engage && !ENGINE_set_RSA(e, t4_RSA())) || |
|
1145 #endif /* OPENSSL_NO_RSA */ |
|
1146 #ifndef OPENSSL_NO_DH |
|
1147 (montmul_engage && !ENGINE_set_DH(e, t4_DH())) || |
|
1148 #endif /* OPENSSL_NO_DH */ |
|
1149 #ifndef OPENSSL_NO_DSA |
|
1150 (montmul_engage && !ENGINE_set_DSA(e, t4_DSA())) || |
|
1151 #endif /* OPENSSL_NO_DSA */ |
|
1152 !ENGINE_set_destroy_function(e, t4_destroy)) { |
|
1153 T4_FREE_AES_CTR_NIDS; |
|
1154 return (0); |
|
1155 } |
|
1156 |
|
1157 return (1); |
|
1158 } |
|
1159 |
|
1160 |
|
1161 /* |
|
1162 * Called by ENGINE_load_t4(). |
|
1163 * Note: too early to use T4err() functions on errors. |
|
1164 */ |
|
1165 static int |
|
1166 t4_bind_helper(ENGINE *e, const char *id) |
|
1167 { |
|
1168 if (id != NULL && (strcmp(id, ENGINE_T4_ID) != 0)) { |
|
1169 (void) fprintf(stderr, "T4: bad t4 engine ID\n"); |
|
1170 return (0); |
|
1171 } |
|
1172 if (!t4_bind(e)) { |
|
1173 (void) fprintf(stderr, |
|
1174 "T4: failed to bind t4 engine\n"); |
|
1175 return (0); |
|
1176 } |
|
1177 |
|
1178 return (1); |
|
1179 } |
|
1180 |
|
1181 |
|
1182 #ifdef DYNAMIC_ENGINE |
|
1183 IMPLEMENT_DYNAMIC_CHECK_FN() |
|
1184 IMPLEMENT_DYNAMIC_BIND_FN(t4_bind_helper) |
|
1185 #endif /* DYNAMIC_ENGINE */ |
|
1186 #endif /* COMPILE_HW_T4 */ |
|
1187 #endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_AES_T4 && !OPENSSL_NO_AES */ |
|